Zocdoc says ‘programming errors’ exposed access to patients’ data

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Zocdoc says it has fixed a bug that allowed current and former staff at doctor’s offices and dental practices to access patient data because their user accounts weren’t properly decommissioned.

The New York-based company revealed the issue in a letter to the California attorney general’s office, which requires companies with more than 500 residents of the state affected by a security lapse or breach to disclose the incident.

Zocdoc, which lets prospective patients book appointments with doctors and dentists, said that it gives each medical or dental practice usernames and passwords for its staff to access appointments made through Zocdoc, but that “programming errors” — essentially a software bug in Zocdoc’s own systems — “allowed some past or current practice staff members to access the provider portal after their usernames and passwords were intended to be removed, deleted or otherwise limited.”

The letter confirmed that patient data stored in Zocdoc’s portal could have been accessed, including a patient’s name, email address, phone number, and the times and dates of their appointments, but also other data that may have been shared with the practice — such as insurance details, Social Security numbers and details of the patient’s medical history.

But Zocdoc said payment card numbers, radiological or diagnostic reports, and medical records were not taken, since it does not store this data.

In an email, Zocdoc spokesperson Sandra Glading said that the company discovered the bug in August 2020, but “due to the complexity of the code, it took a significant amount of investigation to determine which, if any, practices and users were affected and how.” The company said it provided notice to the California’s attorney general’s office “as soon as was practicable.”

Zocdoc said it has “detailed logs that can detect exploitation of any data, including any potential exploitation of this vulnerability,” and that after a review of those logs and other investigative work, “we have no indication, at this time, that any personal information was misused in any way.”

Around 6 million users access Zocdoc a month, the company said.

If this incident sounds vaguely familiar, it’s because this was a near-identical security issue to one Zocdoc reported in 2016. A letter filed at the time cited similar “programming errors” that allowed staff at medical providers to improperly access patient data.

More To Explore

Apple unveils 14-inch and 16-inch MacBook Pros powered by M1 Pro and M1 Max chips

Apple has unveiled a major update of its MacBook Pro line-up which is powered by its new M1 Pro and M1 Max silicon to achieve breakthrough performance and even greater power efficiency. And while the major improvements occur under the hood, the new MacBook Pros have also had a significant re-design. Available in 14-inch and […]

The post Apple unveils 14-inch and 16-inch MacBook Pros powered by M1 Pro and M1 Max chips appeared first on Tech Guide.

WhatsApp is integrating its joinable calls feature directly into group chats

WhatsApp announced on Monday that it’s expanding its joinable calls feature to group chats. Joinable calls, which were first introduced in July, allow users to join an ongoing group call after it has begun. With this latest expansion, users can now call a WhatsApp group and join the call directly from a group chat window. […]

Ready to take the plunge into the online world?

drop us a line and keep in touch